A client computing device (hereinafter “client” or “client system”) can run multiple types of networking software, such as networking software run in the foreground of the client (e.g., application level software visible to a user) and networking software run in the background of the client (e.g., operating system level that is not visible to the user). When a client accesses the Internet, a browser running on the client is usually the complex software that generates frequent networking activities at the client. The security of the client system, therefore, can largely depend on monitoring of the networking activities of the browser.
Traditional technology that monitors client networking operations performs prompting or intercepting when an attempt of a connection to a restricted website is detected in the course of software monitoring. However, when monitoring the networking activities of a third party application, the monitoring party does not know which software application triggers the attempted connection to a restricted website. Rather, only the attempt by the client to visit a restricted website is detected. Without accurate monitoring of networking activities of a browser, if a browser attempts to visit a restricted website, traditional technology that monitors the client networking operations cannot detect that it is the browser that attempts to visit a restricted website, and therefore cannot perform accurate prompting or intercepting of the networking activities of the browser.